Iptables and kernel 2.6.17 phelp needed

To: debian-user@lists.debian.org
Subject: Iptables and kernel 2.6.17 phelp needed
From: chavdar <chavdar@mr-bricolage.bg>
Date: Wed, 19 Jul 2006 09:11:08 +0300
Message-id: <[🔎] 1153289468.6470.20.camel@localhost.localdomain>

Dear List,

I am running Debian unstable. My current kernel is 2.6.12 and it is my
own custom build. Following the recent security advisories, last night I
decided to upgrade my kernel. I downloaded the Debian source for 2.6.17
and did my build as usual with the following commands:

# make-kpkg clean
# make-kpkg --append-to-version -update17072006 --config oldconfig
kernel_image

I installed my new kernel just as usual, rebooted and to my surprise
during the boot I received a long list of the following errors:

iptables v1.2.11: can't initialize iptables table `filter': iptables
who? (do you need to insmod?) 
Perhaps iptables or your kernel needs to be upgraded.

I felt like in a nightmare, because I highly depend on my iptables for
my environment .This is a home machine and my connection is not NAT-ed
by the ISP, so I am exposed to the world.
The first thing I did was to update iptables. Nothing changed.
I checked the kernel config again:

# make menuconfig

I found out that most of the netfilter options are gone and that there
are a couple of new options which I had already changed during the
oldconfig:

CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_BRIDGE_NETFILTER=y
# CONFIG_NETFILTER_NETLINK is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_DCCP=y
CONFIG_NETFILTER_XT_MATCH_ESP=y
CONFIG_NETFILTER_XT_MATCH_HELPER=y
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_POLICY=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
CONFIG_NETFILTER_XT_MATCH_REALM=y
CONFIG_NETFILTER_XT_MATCH_SCTP=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NETFILTER_XT_MATCH_STRING=y
CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
CONFIG_BRIDGE_EBT_T_FILTER=y
CONFIG_PPP_FILTER=y

And that was all. Nothing else from the usual Netfilter options that I
used to configure previously.

I started googling and only found out that there was a re-design of the
Netfilter code in the kernel for 2.6.16 and that if I had all of the
above options enabled, everything would be OK again. Not for me, though.

What else am I missing and how can I get through that and my iptables up
again?

Your help will be highly appreciated, for at the moment I am desperate
and very disappointed.

Best regards

Chavdar Videff

Reply to:

Follow-Ups:
- Re: Iptables and kernel 2.6.17 phelp needed
  - From: George Borisov <george@dxsolutions.co.uk>
- Re: Iptables and kernel 2.6.17 phelp needed
  - From: claytonk@163.com

Prev by Date: APT Black Magic
Next by Date: [OT] How do I make my computer act like a telephone?
Previous by thread: RE: APT Black Magic
Next by thread: Re: Iptables and kernel 2.6.17 phelp needed
Index(es):
- Date
- Thread